TL;DR: use this config and be sure that you’re using OpenSSL >= v1.0.1 and nginx >= 1.3.7 but I recommend >= 1.4.2.
Read the full article on Tautt.
Much of the recent outrage about the surveillance programs has been about the monitoring of U.S. Citizens, as it’s probably illegal. However, U.S. intelligence has the legal right to monitor foreign communications as they go through to U.S. service providers. However, even though something is legal doesn’t make it right. I’m not American; I don’t really care about what data is being collected about American citizens. I’m worried about us, the foreigners. After all, we foreigners make up 96 percent of the people on the planet.
The United States has an unfair advantage, as most of the popular cloud services, search engines, computer and mobile operating systems or web browsers are made by U.S. companies. When the rest of the world uses the net, they are effectively using U.S.-based services, making them a legal target for U.S. intelligence.
But foreigners are not automatically criminals or terrorists. And in a surveillance state, everybody is assumed guilty.